login: regenerates session id on login

pkg/api/login.go

@@ -143,6 +143,7 @@ func loginUserWithUser(user *m.User, c *middleware.Context) {
 		c.SetSuperSecureCookie(user.Rands+user.Password, setting.CookieRememberName, user.Login, days, setting.AppSubUrl+"/")
 	}
 
+	c.Session.RegenerateId(c)
 	c.Session.Set(middleware.SESS_KEY_USERID, user.Id)
 }
 

pkg/middleware/session.go

@@ -103,6 +103,8 @@ type SessionStore interface {
 	Destory(*Context) error
 	// init
 	Start(*Context) error
+	// RegenerateId regenerates the session id
+	RegenerateId(*Context) error
 }
 
 type SessionWrapper struct {
@@ -116,6 +118,12 @@ func (s *SessionWrapper) Start(c *Context) error {
 	return err
 }
 
+func (s *SessionWrapper) RegenerateId(c *Context) error {
+	var err error
+	s.session, err = s.manager.RegenerateId(c.Context)
+	return err
+}
+
 func (s *SessionWrapper) Set(k interface{}, v interface{}) error {
 	if s.session != nil {
 		return s.session.Set(k, v)